981 matches found
CVE-2023-21878 affecting package mysql 8.0.31-1
CVE-2023-21878 affecting package mysql 8.0.31-1. An upgraded version of the package is available that resolves this issue...
Updated tigervnc/x11-server packages fix security vulnerability
DeepCopyPointerClasses use-after-free leads to privilege elevation. CVE-2023-0494...
CVE-2023-28487
Sudo before 1.9.13 does not escape control characters in sudoreplay output...
CVE-2022-27170
Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access...
sudo: arbitrary file write with privileges of the RunAs user
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...
CVE-2022-45461
The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users that have been explicitly added to the auth.conf file to execute arbitrary commands as root...
qt5 security, bug fix, and enhancement update
5.15.3-1 - 5.15.3 Resolves: bz2061377...
CVE-2022-39375
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Users may be able to create a public RSS feed to inject malicious code in dashboards of other users...
CVE-2022-42326
Xenstore: Guests can create arbitrary number of nodes via transactions. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...
CVE-2022-38530
GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOMIOD...
grafana security update
7.5.11-5 - resolve CVE-2022-31107 grafana: OAuth account takeover...
CVE-2022-35861
pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. Shims are executables that pass a command along to a specific versio...
expat security update
2.2.5-8.0.1.2 - lib: Prevent integer overflow in doProlog CVE-2022-23990 Orabug: 33910314 2.2.5-8.2 - Improve fix for CVE-2022-25313 - Related: CVE-2022-25313 2.2.5-8.1 - Fix multiple CVEs - Resolves: CVE-2022-25314 - Resolves: CVE-2022-25313...
CVE-2022-1851 affecting package vim for versions less than 8.2.5064-1
CVE-2022-1851 affecting package vim for versions less than 8.2.5064-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-42782 affecting package opensc for versions less than 0.22.0-1
CVE-2021-42782 affecting package opensc for versions less than 0.22.0-1. An upgraded version of the package is available that resolves this issue...
maven:3.6 security update
maven-shared-utils 3.2.1-0.4 - Build with OpenJDK 8...
[SECURITY] Fedora 35 Update: grafana-7.5.15-2.fc35
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
Fix of CVE: CVE-2022-28391
CVE-2022-28391: fix possible terminal injection attacks from DNS query results...
CVE-2022-21304 affecting package mysql for versions less than 8.0.28-1
CVE-2022-21304 affecting package mysql for versions less than 8.0.28-1. An upgraded version of the package is available that resolves this issue...
CVE-2021-36370 affecting package mc for versions less than 4.8.27-1
CVE-2021-36370 affecting package mc for versions less than 4.8.27-1. An upgraded version of the package is available that resolves this issue...